On the Effects of GDPR ... and What to Do About It

The predicted further regulations being contemplated according to inside sources in the EU could seriously hamper the economic success of the EU and its citizens as well as non-EU investors in EU corporations.  My contention is that the American system has been working pretty darn well so far, despite hiccups like Nebuad and Vizio* and the alleged cyberattack via Cambridge Analytica and its accomplices, which being a nation-to-nation paramilitary action ought to be considered extraordinary to the scope we are dealing with in this post.  Regulation would not stop a paramilitary attack in any case.

In this short series of posts I will seek to cover the history, current events and prescribed future courses of action for the U.S. and all other countries. My intention is to minimize harm to all parties resulting from the new media technologies, specifically with regard to privacy.  The aim is an optimized solution, maximizing benefit to all parties starting with the consumer/citizen and including businesses, nonprofits and governments, i.e. everybody.

My central premise is that over-regulation of privacy will make marketing less efficient and thereby lower stock prices to the degree of causing recessions and/or depressions depending on the degree of regulatory error.

The History

In 1995 I led the creation of the CASIE Privacy Principles for the ANA, 4As and ARF.  The Coalition of Advertiser Supported Information Entertainment was the industry's response to a gauntlet thrown down by Procter & Gamble CEO Ed Artzt who was concerned that the digital information superhighway was being built without the needs of advertisers being considered.  I was not the chair of CASIE but a member who said we should focus on privacy and thus was given the task of leading the collaborative writing of the guidelines.  This took more than 20 drafts, each one being marked up by dozens of companies and nearly a hundred people, until we all agreed on the final version.

These were the key principles:

1. The consumer must give permission for information being collected and used.  In the U.S. we allowed both opt-in and opt-out subject to the other principles especially No. 2.  In Europe as they proceeded along parallel paths but at governmental levels, opt-in was the only acceptable method.  California agreed with the opt-in requirement.
2. The consumer must be told everything about the data being collected and how it is being used or will be used, and the consumer must be able upon learning this to decide to withdraw permission.
3. The data must be kept confidential rather than becoming available to third parties.
4. Anonymized data could be revealed but only at an aggregated level.  However the data could initially be cross-tabulated at an individual/household level for accuracy and precision.
5. The consumer could see the data held on him/her and could correct it and choose to remove some of it or withdraw permission.
6. Mouse print or making it difficult for the consumer to see disclosures was prohibited.
7. If the consumer's data were going to be sold this would not only need to be disclosed but also specifically permitted.

Not every company has followed every one of these principles 100% but in general this self-regulatory platform has worked very well for 23 years.

Coming up in my next post:

• What got added to the CASIE principles in the founding of TRA around privacy
• How precision deterministic targeting has improved ROI
• The rise of widespread ID Graph technology

*Thanks to Jane Clarke for reminding me of the Vizio incident.

Click the social buttons above or below to share this story with your friends and colleagues.

The opinions and points of view expressed in this content are exclusively the views of the author and/or subject(s) and do not necessarily represent the views of MediaVillage.com/MyersBizNet, Inc. management or associated writers.